This repository has been archived by the owner on Sep 21, 2023. It is now read-only.

Deprecate legacy CLI (#80)
sweoggy authored Sep 21, 2023
1 parent 5304ac3 commit a98b628
Showing 12 changed files with 461 additions and 521 deletions.
4 changes: 4 additions & 0 deletions .gitignore
Expand Up @@ -17,6 +17,10 @@
.idea/**/dictionaries
.idea/**/shelf
.idea/commandlinetools
.idea/GitlabLint.xml
.idea/phpspec.xml
.idea/phpunit.xml
.idea/codeception.xml

# Generated files
.idea/**/contentModel.xml
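
Review bot: The four added entries (`.idea/GitlabLint.xml`, `.idea/phpspec.xml`, `.idea/phpunit.xml`, `.idea/codeception.xml`) are IDE housekeeping unrelated to the commit subject "Deprecate legacy CLI (#80)", and the same commit still changes `.idea/debricked-cli.iml` and `.idea/php.xml` and adds `.idea/git_toolbox_prj.xml`. Consider moving the ignore entries and the `.idea` changes to a separate commit, and ignoring `.idea/git_toolbox_prj.xml` as well if it is per-developer configuration.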
34 changes: 31 additions & 3 deletions .idea/debricked-cli.iml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 5 additions & 0 deletions .idea/git_toolbox_prj.xml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

43 changes: 38 additions & 5 deletions .idea/php.xml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

91 changes: 1 addition & 90 deletions README.md
@@ -1,90 +1 @@
# debricked-cli
[![Build Status](https://github.com/debricked/debricked-cli/actions/workflows/test.yml/badge.svg?branch=master)](https://github.com/debricked/debricked-cli/actions/workflows/test.yml)
[![Latest Stable Version](https://poser.pugx.org/debricked/cli/v/stable)](https://packagist.org/packages/debricked/cli)

![Debricked CLI in action](debricked-cli.png)

Command Line Tool (CLI) for interacting with [Debricked](https://debricked.com). Supports uploading and checking your dependency files for vulnerabilities.

## Documentation
Head over to our [Integration documentation page](https://debricked.com/documentation/integrations/cli.html) for the main source of documentation.

To run the tool using only Docker, instead of a local install, use it as below,
where the current directory is assumed to contain the project you wish to scan.

```
docker run -it --rm -v $PWD:/data debricked/debricked-cli <command>
```

A practical example of scanning a local repository in your current working directory:

```
docker run -it --rm -v $PWD:/data debricked/debricked-cli debricked:scan [email protected] password myrepository mycommit null cli
```

To be clear, you need to modify these parts of the command:

* `[email protected]` and `password`: Replace with your e-mail and password to the service.
* `myrepository`: Replace with the name of the repository.
* `mycommit`: A unique identifier (for example the commit hash in Git) for this particular commit.

You do not need to replace `null cli`. It is simply a marked used by the server to distinguish between different integrations.

If you are building your CI pipeline integration, you can typically get `myrepository` and `mycommit` as environmental variables from you CI system.

### If you use languages that need a copy of the whole repository

In most cases, such as above, the tool only needs to upload your dependency files to the service.
However, [for certain languages](https://debricked.com/documentation/language-support/), you may need to upload a complete copy of the repository.
You then need to add the `--upload-all-files=true` to the command, such as in the following example.

```
docker run -it --rm -v $PWD:/data debricked/debricked-cli debricked:scan --upload-all-files=true [email protected] password myrepository mycommit null cli
```

#### Source-codeless scans

For Maven and Gradle builds, that normally require a complete copy of the source code, an alternative solution can be used as well.
This requires you to generate certain dependency tree artifacts locally, and then submit them to Debricked.
By doing so, you can avoid submitting a complete copy of the repository to Debricked, while still getting optimal dependency results.
However, this requires you to perform certain steps as a part of your pipeline.

To learn more, visit our documentation about [source-codeless scans](https://debricked.com/documentation/language-support/java-kotlin.html#source-codeless-scans) to get further instructions.

## Code contributions

### Build image for running the tool

To build the cli tool for running

```
docker build -t debricked/debricked-cli .
```

### Run tests
All contributions are greatly welcome! To help you get started we have included a
Dockerfile which provides an environment capable of running the whole CLI application
and related tests.

#### Prerequisites
- [Docker](https://docs.docker.com/install/)

#### Configure and run test environment
1. Create a .env.test.local file in the root directory (alongside this README) containing:
```text
DEBRICKED_USERNAME=your debricked username
DEBRICKED_PASSWORD=your debricked password
DEBRICKED_TOKEN=your debricked token
```
2. Run tests! You can now run the tests locally by executing `./localTest.sh` in your terminal.

#### Configure for development in PHPStorm

1. Build docker container for development using `docker build -t debricked-cli-dev --target=dev`
2. Run `composer install` inside a started container with a volume mount to `$PWD` and a suitable `--user uid:gid` flag to install dependencies.
3. Configure PHP storm with a remote PHP interpreter pointing to `debricked-cli-dev`,


### Best practises
We try to follow Symfony's best practises as much as possible when developing. You can read more about them here
https://symfony.com/doc/current/best_practices/business-logic.html
# Deprecated please use https://github.com/debricked/cli instead
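
Review bot: The replacement README line, `# Deprecated please use https://github.com/debricked/cli instead`, puts the whole notice in a level-1 heading with a bare URL and gives no migration guidance for pipelines that still run the removed `docker run ... debricked/debricked-cli debricked:scan` command. Suggest a short `# Deprecated` heading followed by a sentence that links to https://github.com/debricked/cli and says whether the `debricked/debricked-cli` image will keep working. Since the removed example passed the account e-mail and password as positional arguments, the notice is also a good place to tell users how credentials are supplied in the replacement.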